Impact of Microsoft enforcing LDAPS


Has anyone considered the recent Microsoft announcement (https://support.microsoft.com/en-nz/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows) of enforcing LDAPS for Active Directory? As AAD Connect is connecting to AD, I wonder if this will have any impact on AAD Connect.

Furthermore, what about the impact on standard AD PowerShell commands like Get-ADUser or Set-ADUser, and on the C# DirectorySearcher (https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.directorysearcher?view=netframework-4.8)?

1 Reply

@Gurdev Singh those applications aren't connecting to AD using LDAP. If you have auditing enabled, or you have tools such as Azure ATP/Advanced Threat Analytics, you will see what is using LDAP rather than LDAPS. The impact is more likely to be things like the VPN appliance, TeamCity (if you use it), and other applications using LDAP auth/lookup rather than RADIUS, Kerberos, SAML, etc.
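The reply's advice to "see what is using LDAP" before enforcement is the practical step, so here is an added PowerShell example of how to do it on a domain controller. It is not code from the thread or from Microsoft; it relies on the diagnostic setting and event IDs that KB4520412 (linked in the question) documents: raising the "16 LDAP Interface Events" NTDS diagnostic level to 2 makes the DC log event 2889 for every unsigned SASL bind or cleartext simple bind, and 3039 for binds that fail channel-binding validation once that check is switched on. The regular expressions assume the event message carries the client endpoint on a "Client IP address:" line and the bound identity on an "Identity the client attempted to authenticate as:" line; the seven-day window and the output columns are my own choices.

```powershell
# Added example, not from the original thread. Run elevated on a domain controller.
# Assumes the DC has the updates described in KB4520412 so that events 2889 and 3039
# are available; older DCs only produce the 2889 signing events.

# 1. Raise the LDAP interface diagnostic level. Level 2 logs one event 2889 per
#    offending client bind; the default level 0 only gives the 24-hour summary (2887).
$diagKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
Set-ItemProperty -Path $diagKey -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# 2. Collect the per-client events from the Directory Service log.
#    2889 = unsigned SASL bind or simple bind over a cleartext connection
#    3039 = bind that failed LDAP channel-binding validation (assumed to use the
#           same "Client IP address" / "Identity ..." lines as 2889)
$since  = (Get-Date).AddDays(-7)
$filter = @{ LogName = 'Directory Service'; Id = 2889, 3039; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$findings = foreach ($ev in $events) {
    $clientIp = $identity = $null
    if ($ev.Message -match 'Client IP address:\s*(\S+)') {
        # Drop the ephemeral source port so every bind from one host lands in one row.
        $clientIp = $Matches[1] -replace ':\d+$', ''
    }
    if ($ev.Message -match 'Identity the client attempted to authenticate as:\s*([^\r\n]+)') {
        $identity = $Matches[1].Trim()
    }
    [pscustomobject]@{
        Problem  = if ($ev.Id -eq 2889) { 'Unsigned or cleartext bind' } else { 'No channel binding' }
        ClientIP = $clientIp
        Identity = $identity
        When     = $ev.TimeCreated
    }
}

# 3. One row per (problem, client, identity). Reverse DNS is best-effort so the
#    VPN appliance or build server is recognisable by name, not just by address.
$findings |
    Group-Object Problem, ClientIP, Identity |
    ForEach-Object {
        $first = $_.Group[0]
        $host  = try { [System.Net.Dns]::GetHostEntry($first.ClientIP).HostName } catch { '' }
        [pscustomobject]@{
            Problem  = $first.Problem
            ClientIP = $first.ClientIP
            Host     = $host
            Identity = $first.Identity
            Binds    = $_.Count
            LastSeen = ($_.Group.When | Measure-Object -Maximum).Maximum
        }
    } |
    Sort-Object Binds -Descending |
    Format-Table -AutoSize
```

Run it on every writable DC (or wrap the Get-WinEvent call in Invoke-Command against the DC list), because each DC only logs the binds it served. Anything that shows up here will fail once "Domain controller: LDAP server signing requirements" is set to "Require signing" or channel binding is set to "Always"; the fix is per client: switch it to LDAPS (636/3269) or to a signed SASL bind, and then confirm the row disappears from this report before enforcing.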